As the value of bitcoins skyrockets, security researchers have discovered yet another piece of malware that harnesses the processing power of compromised PCs to mint the digital currency.

BTCs, as individual bitcoin units are known, have recently traded as high as $130, about four times their value from February. In Bitcoin vernacular, BTCs are "mined" by computers that solve cryptographic proof-of-work problems. For each correct block of data submitted, contributors are collectively rewarded with 50 25 bitcoins. Legitimate participants, who typically receive a percentage of the reward based on the number of blocks processed, often use powerful systems with multiple graphics processors to streamline the process.

But scammers spreading malware on Skype are taking a decidedly more nefarious approach. Their malicious code hijacks a computer's resources to mine BTC, according to a blog post published Thursday by a researcher from Kaspersky Lab. While the bitcoin-miner.exe malware harnesses only the CPU resources, which are much slower than GPUs in BTC mining, the attackers have the benefit of infecting many computers and then chaining them together to mint the digital currency. Unlike legitimate miners, the criminals don't have to pay the purchase price of the hardware or pay for the electricity to run them.

The malware spotted by Kaspersky is most likely just a copycat phenomenon, but there's reason to think it hasn't been a waste of time for the people who created it. The bit.ly URL that had been hosting the malware was receiving more than 2,000 clicks per hour just prior to the Kaspersky blog post going live. That's a fair amount of distributed computing power.

"As I said, the campaign is quite active," Kaspersky Lab Expert Dmitry Bestuzhev wrote. "If you see your machine is working hard, using all available CPU resources, you may be infected."

Post updated to clarify Bitcoin reward system described in second paragraph.

Promoted Comments

I am amazed by the number of people who think this negatively impacts the credibility of BitCoins in any meaningful way whatsoever. (In fact, it actually makes them MORE secure!) Learn a bit about a topic before you turn snarky, eh? I can't say that hijacking someone else's resources in order to verify blocks is a good thing, but it certainly doesn't reduce BitCoin credibility.

Agree completely. These hijackers are not stealing bitcoins. They are simply utilizing a botnet to increase their production as a miner.

Skype is the attack vector? But how? Social engineering ("click here!!!") or exploiting a software vulnerability? There's a huge difference between the two. Former? We shouldn't care about. Right? No one here clicks on strange crap? Right? If later? Time to stop using Skype until it's patched.

Edit: in the linked blog it appears to be social engineering. "Favorite picture of you" with a link to a PHP script? LOL.

Yeah, some more information on how this works would be nice. Does it only infect those who already have bitcoin software installed? How is the malware spread through skype? What to do if you see that process running?

Right, so in other words those who can afford the most computing resources can "earn" the most bitcoin. Somehow that doesn't seem fair, but I guess just like in real life "it takes money to make money."

I actually received about 6 IMs on Skype from a work contact with "Favorite Picture of You" links. Of course, I didn't click on them. Very interesting. So, does this mean that person mines bit coins on their computer? And again, do I have to have bitcoin software installed for the malware to control my PC?

I give Bitcoin another year before it becomes too compromised to remain viable.

Bitcoin was not compromised by this. On the contrary, Bitcoin's security increases with each additional miner. If anything, this malware steals people's CPU to make Bitcoin better. I'm not saying it's right, but I am saying that Bitcoin foresaw this, and the system was built around exactly that expected behavior.

Ok, this article is a little misleading. We (some work colleagues and I) have recently been reading up on Bitcoin because we were interested in it. First off, miners are not "rewarded" with 25 bitcoins. Miners actually get rewarded with a small fraction of a bitcoin for each transaction block completed (transaction fees and a very small percentage of the bitcoins produced), and over time it adds up. 25 bitcoins comes out to roughly 3537$ USD at current exchange rate, so no, miners are not making this amount every 10 minutes. They get a small percentage of that based on the number of blocks processed, this amount is also affected by the number of miners currently processing transactions. So mining is very competitive and hard to make any money in.

That number will keep dropping as years pass, with the remainder of bitcoins being produces around 2140 when there will be no more produced. So basically what these hackers are doing is hijacking other peoples PC to use for mining. This increases the amount of blocks they can calculate and increase that small percentage they get for each transaction block.

So I can run a program on my computer that does a bunch of math to compute some hashes or somethign or other. Then at some point my computer will indicate that I now personally own a bitcoin.

So then I can do what? Exchange it for USD somewhere? Or pay for some good or service from someone willing to accept it as payment?

I know all the blah blah about governments just "printing money", but the whole bitcoin thing, the way you just "mine" money with video cards, seems really odd.

Mining is nothing more than processing blocks of transactions. Miners get a very small percentage of a bitcoin per block. The more blocks they can process the more percentage they earn. So the more miners, the less each gets. It's all based on how many blocks you can process as a miner. There are Pools out there which are nothing more than what these hackers are doing only everyone is in agreement. These pools are just groups of miners gathering to pool their computer resources to increase their percentage of the take. Same thing these hijackers are doing only they are using other peoples PCs to increase the amount of blocks they process and increase their percentage.

It should also be noted that the 25 Bitcoins produced every 10 minutes is the total amount produced, period. In other words, there are not 25 produced each 10 minutes per miner. It is only 25 overall each ten minutes.

Ok, this article is a little misleading. We (some work colleagues and I) have recently been reading up on Bitcoin because we were interested in it. First off, miners are not "rewarded" with 25 bitcoins. Miners actually get rewarded with a small fraction of a bitcoin for each transaction block completed, and over time it adds up. 25 bitcoins comes out to roughly 3537$ USD at current exchange rate, so no, miners are not making this amount every 10 minutes. Each miner typically doesn't get that much per transaction, they get a small percentage of that based on the number of blocks proicessed as well as the number of miner currently processing transactions..

That number will keep dropping as years pass, with the remainder of bitcoins being produces around 2140 when there will be no more produced. So basically what these hackers are doing is hijacking other peoples PC to use for mining. This increases the amount of blocks they can calculate and increase that small percentage they get for each transaction block.

That makes more sense. I was reading it as people were getting hundreds of thousands of dollars in bitcoins by doing this, which seemed bananas to me.

So I can run a program on my computer that does a bunch of math to compute some hashes or somethign or other. Then at some point my computer will indicate that I now personally own a bitcoin.

A very small percentage of one yes. Bitcoins are figured down to 8 decimal places. It would actually take you quite a while to earn a whole bitcoin as a miner. Unless you had a whole house full of servers doing nothing but mining.

kleinma wrote:

So then I can do what? Exchange it for USD somewhere? Or pay for some good or service from someone willing to accept it as payment?

Yup. Think of it as virtual Gold. You can keep it, sell it off later at a higher exchange rate and make a few dollars, or use it to buy goods and services. Believe it or not there are quite a few places using bitcoin for payment.

LOL. That's just awesome! What a way to exploit an already horribly flawed concept. Create a Bitcoin botnet and mine the planet. Why waste your time and resources when you can just use everyone else's.

This isn't anything particularly new, botnet owners have been mining bitcoins for over a year, you can buy a basic hidden miner for $10. The botnet seems to be basic as well, using irc as it's command and control server rather than http like more recent malware. http://www.exposedbotnets.com/2013/04/h ... ed-by.htmlThe only thing that sets this one apart is it's use of skype as a spreading tool, something that is becoming more and more common.

Right, so in other words those who can afford the most computing resources can "earn" the most bitcoin. Somehow that doesn't seem fair, but I guess just like in real life "it takes money to make money."

I am amazed by the number of people who think this negatively impacts the credibility of BitCoins in any meaningful way whatsoever. (In fact, it actually makes them MORE secure!) Learn a bit about a topic before you turn snarky, eh? I can't say that hijacking someone else's resources in order to verify blocks is a good thing, but it certainly doesn't reduce BitCoin credibility.

How does the PHP script actually infect the client computer and get the malware to run? PHP is a server-side language...

Doesn't say. Could be more social engineering: offers an EXE download and user needs to press Yes to run.

Or it could exploit browser or browser add-on software vulnerabilities. If so, the prime suspects would be Flash or JVM.

When you vist the site it downloads skype-img-04_04-2013.zip. If you open that up you find skype-img-04_04-2013.exe, with the skype icon on the exe. It relies on people keeping the default windows setting that hides the .exe extension and double clicking on anything they download. Obviously the botnet owner is having quite a bit of success with this strategy.

This sin't anything particularly new, botnet owners have been mining bitcoins for over a year, you can buy a basic hidden miner for $10. The botnet seems to be basic as well, using irc as it's command and control server rather than http like more recent malware. http://www.exposedbotnets.com/2013/04/h ... ed-by.htmlThe only thing that sets this one apart is it's use of skype as a spreading tool, something that is becoming more and more common.

From the very article you're commenting on:

Bitcoin-mining malware has been circulating for almost two years now. Some versions actually tap infected computers' GPUs and can even run on OS X Macs.

I am amazed by the number of people who think this negatively impacts the credibility of BitCoins in any meaningful way whatsoever. (In fact, it actually makes them MORE secure!) Learn a bit about a topic before you turn snarky, eh? I can't say that hijacking someone else's resources in order to verify blocks is a good thing, but it certainly doesn't reduce BitCoin credibility.

Agree completely. These hijackers are not stealing bitcoins. They are simply utilizing a botnet to increase their production as a miner.

I give Bitcoin another year before it becomes too compromised to remain viable.

Bitcoin was not compromised by this. On the contrary, Bitcoin's security increases with each additional miner. If anything, this malware steals people's CPU to make Bitcoin better. I'm not saying it's right, but I am saying that Bitcoin foresaw this, and the system was built around exactly that expected behavior.

No. Bitcoin's security only increases with each independent miner. If an individual (or consortium) can control 50.1% of miners, then Bitcoin is fully compromised. Miner botnets could let someone reach that goal.

So what is the purpose of all these computations, other than to create bitcoins? Surely the results of the computations must have some intrinsic value other than bitcoins, otherwise what is the point of it all?

So what is the purpose of all these computations, other than to create bitcoins? Surely the results of the computations must have some intrinsic value other than bitcoins, otherwise what is the point of it all?

The ultimate purpose of mining is to secure bitcoin transactions. Which is what haliphax's point was. The more miners, the more secure transactions are. However, on the flip side, no one is going to mine if there isn't some value it in for them, so they are compensated.

So I can run a program on my computer that does a bunch of math to compute some hashes or somethign or other. Then at some point my computer will indicate that I now personally own a bitcoin.

So then I can do what? Exchange it for USD somewhere? Or pay for some good or service from someone willing to accept it as payment?

I know all the blah blah about governments just "printing money", but the whole bitcoin thing, the way you just "mine" money with video cards, seems really odd.

Mining is nothing more than processing blocks of transactions. Miners get a very small percentage of a bitcoin per block. The more blocks they can process the more percentage they earn. So the more miners, the less each gets. It's all based on how many blocks you can process as a miner. There are Pools out there which are nothing more than what these hackers are doing only everyone is in agreement. These pools are just groups of miners gathering to pool their computer resources to increase their percentage of the take. Same thing these hijackers are doing only they are using other peoples PCs to increase the amount of blocks they process and increase their percentage.

It should also be noted that the 25 Bitcoins produced every 10 minutes is the total amount produced, period. In other words, there are not 25 produced each 10 minutes per miner. It is only 25 overall each ten minutes.

You didn't get this quite right.

One miner gets all 25 Bitcoins every 10 minutes. Which miner gets the 25 Bitcoins is essentially random. It's whoever discovered the next block in the chain.

However, many (most?) miners are part of a pool these days. Everyone in the pool agrees to share their earnings. This makes the effective result closer to what you've said, everyone gets a small payout every ten minutes. But you only get a payout if someone in your pool discovered that next block.

So I can run a program on my computer that does a bunch of math to compute some hashes or somethign or other. Then at some point my computer will indicate that I now personally own a bitcoin.

So then I can do what? Exchange it for USD somewhere? Or pay for some good or service from someone willing to accept it as payment?

I know all the blah blah about governments just "printing money", but the whole bitcoin thing, the way you just "mine" money with video cards, seems really odd.

Mining is nothing more than processing blocks of transactions. Miners get a very small percentage of a bitcoin per block. The more blocks they can process the more percentage they earn. So the more miners, the less each gets. It's all based on how many blocks you can process as a miner. There are Pools out there which are nothing more than what these hackers are doing only everyone is in agreement. These pools are just groups of miners gathering to pool their computer resources to increase their percentage of the take. Same thing these hijackers are doing only they are using other peoples PCs to increase the amount of blocks they process and increase their percentage.

It should also be noted that the 25 Bitcoins produced every 10 minutes is the total amount produced, period. In other words, there are not 25 produced each 10 minutes per miner. It is only 25 overall each ten minutes.

You didn't get this quite right.

One miner gets all 25 Bitcoins every 10 minutes. Which miner gets the 25 Bitcoins is essentially random. It's whoever discovered the next block in the chain.

However, many (most?) miners are part of a pool these days. Everyone in the pool agrees to share their earnings. This makes the effective result closer to what you've said, everyone gets a small payout every ten minutes. But you only get a payout if someone in your pool discovered that next block.

So what is the purpose of all these computations, other than to create bitcoins? Surely the results of the computations must have some intrinsic value other than bitcoins, otherwise what is the point of it all?

The primary purpose of mining is that miners are responsible for processing transactions.

In exchange for processing transactions, miners are compensated in two ways. They can receive a bounty of newly created Bitcoins. (One miner every 10 minutes gets 25 Bitcoins, and the amount declines over time.) Miners can also charge a transaction fee. Transaction fees are currently pretty low, because the newly created Bitcoins do a pretty good job of compensating miners for transaction processing.

The term "miner" is a slight misnomer. Mining will be necessary for the system even after the pre-agreed limit for the number of Bitcoins is reached and no new Bitcoins are being created.

As an aside, the mining structure is pretty smart. They developed a way to increase the currency base over time (rather than dumping the total amount of currency into the market at once) while compensating participants for processing transactions.

EDIT: To further clarify: You may have heard of Bitcoin described as a peer-to-peer system where transactions are recorded in a distributed database and the peers come to consensus about which transactions are "correct" and which are "incorrect". The "peers" in that description are the mining applications. But be careful of the world "miner", because people use it both to refer to individual mining processes running on various hardware and to the people that may control those programs. Each instance of the mining application gets a vote in that consensus building excercise.

I am amazed by the number of people who think this negatively impacts the credibility of BitCoins in any meaningful way whatsoever. (In fact, it actually makes them MORE secure!) Learn a bit about a topic before you turn snarky, eh? I can't say that hijacking someone else's resources in order to verify blocks is a good thing, but it certainly doesn't reduce BitCoin credibility.

I would be worried if a botnet ever got a large hashrate. Around 65% of the total hashrate comes from only six mining pools. (http://blockchain.info/pools) If someone hit them offline with a ddos (which would be easy for a botnet large enough to do plenty of mining), someone with a large enough botnet could try and make a 51% attack on the network. Botnets most likely already make up a significant proportion of the hashrate, as most are working with an existing pool, either through a mining proxy or just having many bots use one worker. If a few large botmasters got organized, bitcoin could be in trouble.

How are bitcoins any different than any other currency? If no one wants them, they are worthless. Same goes for current worldwide currencies. I don't get the appeal of bitcoin at all, it's just as volatile as any other currency, except for the fact that I can't walk into my rent office and dump bitcoins on their counter.

I am amazed by the number of people who think this negatively impacts the credibility of BitCoins in any meaningful way whatsoever. (In fact, it actually makes them MORE secure!) Learn a bit about a topic before you turn snarky, eh? I can't say that hijacking someone else's resources in order to verify blocks is a good thing, but it certainly doesn't reduce BitCoin credibility.

I would be worried if a botnet ever got a large hashrate. Around 65% of the total hashrate comes from only six mining pools. (http://blockchain.info/pools) If someone hit them offline with a ddos (which would be easy for a botnet large enough to do plenty of mining), someone with a large enough botnet could try and make a 51% attack on the network. Botnets most likely already make up a significant proportion of the hashrate, as most are working with an existing pool, either through a mining proxy or just having many bots use one worker. If a few large botmasters got organized, bitcoin could be in trouble.

Pools are immaterial. They are only linked by an agreement to share any Bitcoins awarded to the pool. They do not necessarily operate in tandem in any other way. To DDoS a pool is just as hard as if those machines were not operating in a pool.

The problem is if no one is mining bitcoins, no one is processing the bitcoins transactions. If no one is processing bitcoins transactions, bitcoins can't be used.

What happens when the amount of bitcoins that can be mined starts going to zero? Will people still be interested in processing bitcoin transactions?

Depends. Typically miners also charge processing fees (I've seen as low as 1% and as high as 10% processing fees) in addition to any bitcoins they may earn. So when that happens, I guess they could still process transaction for processing fees. Though I imagine those fees will go up since that will be the only way they get any value from the processing.